Recently, I had the honor of talking to David Bombal about the TLS Handshake. We picked apart everything that occurs in the first few milliseconds every time you browse to an HTTPS website:
In the video we stepped through every message of the Handshake, and spoke in detail about what information is included in each message and how that information is used.
The ultimate goal of the TLS handshake is to derive Session Keys, these are the keys which actually Encrypt and Secure the data transfer between the Client and the Server. And in this TLS deep dive, we explained exactly how those Session Keys are derived.
In the video, we also stepped through a Packet Capture showing a TLS Handshake using the RSA Key Exchange. You can download the Packet Capture and inspect it yourself using Wireshark.
The slides and content we walked through in the video is from my TLS Deep Dive course: Practical TLS.
It’s a meticulously crafted, thorough examination of the entire SSL and TLS ecosystem. In the course we walk through everything needed to take anyone from Security and Crypto amateur to an SSL Expert.
But don’t take my word for it, see what others have said about the course:
You can also check out the first two modules (and a few other lesson) for free to make your own decision about the quality of the course:
Great Timing Twitter…
In unrelated news, the day this video released is also the day Twitter decided to do a profile review. 🤦♂️🤦♂️
Thanks Twitter… great timing.
If you are trying to connect with me on Twitter and see something like this, either click through “Yes, view profile”, or give it a few days. But, please do connect with me on my new Twitter account =)